>> it didn't happen without setbacks. we can certainly as americans accomplish anything we put our minds to. we view nextgen as one of the

most important infrastructure investments that we need to make as a nation, and as you've heard before, as an element of u.s. technological leadership nationwide, so we take it very seriously. we appreciate the support that congress has shown for nextgen. we are starting to see, and it's easier on the inside sometimes to see the progress that is being made and operationally deployed usable parts of this that are making a meaningful difference. in terms of completing flights in bad weather, new capacity, greater safety, and it's those benefits will start to compound as well. >> thanks to the panel for being here today. this has been helpful for me. and mr. chairman, i yield back. >> thank you. >> thank you, mr. chair. first i like to thank the panel, several of y'all have been -- i

appreciate your courtesy and service to her country. one issue, everything federal express as a leader in all things in aviation, package delivery, and sports in every other way. having made a comment, word from our sponsor, but -- [laughter] let me ask, i think probably mr. porcari might be the person to ask. the proposal about structures around airports, and, of course, memphis is one of the cities that hopes to become, that is becoming or some would say is, some would say it is becoming an air droplets and it's a major economic engine force. so limitations on the size of structures around the airpo can be limiting in terms of economic development. what is the status of that

particular rule about safety and aircraft and height of buildings around there courts will do becoming periods and rigorous cost evaluation, examination? >> i will need to get back to you with a specific timetable, and steps going forward, but in general the issue and find the appropriate balance of is areas around airports. we need to plan the but for what are the routine flight paths that everyone takes in and out of the airport, but also what are, how can we ensure that should a mishap occurred and aircraft is something like a missed approach, or something grabs that would be more dangerous that they need to recover from, that there are not hazards in a way that would preclude their ability to do that. finding that balance is extremely important that is something we are to do in a very thoughtful way for the reasons

that you talk about. the interests of the airports ability to operate which represents one economic engine in one economic benefit versus surrounding property owners are located near the airport for the obvious region -- reason to want to take advantage of the. it's something we are looking very careful at. we will get back to you. >> i understand safety is of the utmost concern and, but it needs to be balanced in terms of you can still have safety and have the economic development. we have great hopes for economic expansion around the airport area because of federal express. so we people of wisely brought their distribution centers to memphis. more companies should be think about bring their distribution centers to memphis because it's so easy from there because of rails, runway, roads and riverton their product all over the world. in fact, probably the department of defense should plan on moving its operations entirely to memphis to move everything out of memphis which we can get at a

financially successful manner, and efficient manner. but we don't want have our buildings limited so we can't house them when they come there, and i know they are all coming. >> we are saying the same thing. it's finding the right balance. >> there will be opportunities for comment, and analysis based on cost as will? >> we are looking carefully at it. we will get back to you with which the process going forward. >> thank you for all of your work, and i yield back the balance of my time. >> thank you. >> thank you, mr. chair. how about if we pulled some positive genes? can you tell me some of the positive things about nextgen if it would go right now? >> yes, sir. i think we can point to the fact that with congressional urging and reports from both us and the ig we are now beginning to see some goals and metrics for

nextgen and the congress can better monitor progress and we can monitor progress as well. i think some of the other panel members mentioned that some of the construction projects that are taking place of the berries airports around the country are showing stakeholders that they can fact benefit from nextgen in terms of fuel savings could reduction on admissions for the community surrounding the airports. i think, again, progress is clearly based on the fact that we still have interested stakeholders willing to participate, maybe becoming less willing to participate as time goes on. but we again would say progress is being made, albeit not as fast as any of us want it to occur. >> thanks. i'm a big believer in nextgen, if we can ever get a. look forward to hearing from jetblue to see how it is

affected -- hasn't alleviated any congestion in the airports? can you comment on that at all? >> in those airports were the demonstrations have taken place, faa and the stakeholders are reporting that they have seen deficiencies with regard to being able to arrive and depart. some of the issues that still remain are the surface management aspects of integrating servicemen should as well. so getting there is improving, but moving around once you get there it's still a much work in progress. >> man, do i hear you on that one. mr. scoville, what do you mean when you say that the faa may not be delivering the desired benefits of? >> let me for a you and doctor

billion were just talking about any initiative and the need to integrate procedures with surface management operations and so forth, and that's a key aspect that i would seek to reinforce is faa should respond to industries demand. the users request for a focus on the most advanced level procedures that are possible. our data indicates that 67% of mainline carrier our aircraft are equipped for our mpa are. 49% of cruise that fly those aircraft are approved to fly them. in order to derive the most benefits from advanced procedures which would be precise routes and approved approaches, they need to be a place. to date however the first set of procedures solutions again our data indicates 136 solutions were produced by faa come but

only three incorporated advanced procedures with those precise groups. so there's a disconnect between what faa is capable or willing at this point to produce and what the most advanced segment of the airline carrier industry would like to see happen. so there's that difference between what's expected or requested, and what can be delivered. >> do you think this would be a good return on our investment? >> absolutely. , the promised land, when we all get to jerusalem and nextgen is in place ill be an excellent return on investment. >> amen, sounds good. on all of the more of it touchy subject, recently on may 23, 2012, in a staff meeting, the deputy associate administrator for aviation safety made what i thought were some inappropriate

comments. if the republicans win office, quote republicans win office jobs may be affected. if democrats win office, their jobs would not be affected. i think these comments are extremely inappropriate and i'd like to know where these comments are coming from. this is an independent state speaking? is a coming from the administration? is a coming from the white house? where is this man speaking from? >> it is certain not coming from the administration or the white house, and i take and the faa takes any potential violation extremists are so. we do understand that the office of special counsel has opened up an investigation into this particular instance and we're cooperating fully in that. >> good enough for me. thank you, sir, and i will yield back. >> thank you. >> well, thank you, mr. chairman. this would be a little bit repetitive because i share some of the same frustration that

chairman mica and mr. defazio earlier expressed, but i read and general scoble's report, i see these headlines unresolved problems continue to impact the cost and pace of nextgen. anthony c. it says software related problems cost overruns and schedule delays. and in a staff memo they have that $640 million has been spent on it that was meant for other programs. and i suppose that i have been at every hearing that we've ever had on nextgen from the very start. and the and the couple of faa facilities to try to learn what this is all about and see how, it would operate. and i sure don't understand all this but i said at one, maybe the first was a very early hearings on this that i guess i

either made a statement or asked a question whether some future committee coming here and here about that, the delays and cost overruns because that's what everybody is sort of expected would happen. sure enough it's happen. not just on the ram but on other things as well. but i'm wondering about, since it's summer to a question that asked for a statement i made years ago, are we going to have a meeting of the aviation subcommittee six or eight years from now and here about additional delays and cost overruns? i understand, i've been told over the years that when it comes to all this technology that everything is obsolete the day to take it out of the box.

and i know that there's always additional bells and whistles that people want, but i'll ask all of you, do you feel that we are doing everything that could be done? on any additional things that could be done to see that we don't have additional cost overruns before this is fully implemented in 2020, or whenev whenever? >> i think it's a fair question, and it's one that we take very seriously in the sense that we've looked at some lessons learned. and if you take eram as one example, that would've been structured differently in hindsight would've brought in our workforce from day one to help us develop it. and that was in my painting a large part of the problem. we come if anything, would have

greater interaction in the beginning with industry and users, and we have a very collaborative effort that mr. huerta has described to you and it has greatly benefited the implementation of nextgen, including taking some of the early procedural implementation parts of it where we determined what and where, what and where operation implement for benefits. it is i think not possible to say that there will never be any problems going forward with this. but i will tell you i think much greater level of confidence and it says the department's largest infrastructure program, it is something that i've been very personally involved in, have a much greater level of confidence in where we're headed in the trajectory we are on now than a couple of years ago. and in part i would credit acting administrator where does

personal involvement, his deputy and his continuing acting as a minister. >> does anybody else want -- >> mr. duncan, when i joined the agency a little over two years ago my background was program management, large complex technology deployment. and one of the things i want to focus on, you asked about eram. what i saw at that point, it was encountered problems. the problems that we had were we were starting deployment in life facilities are run into operational difficulties, workforce interface issues, things that are significant challenges that we needed to work through. what we did at that time was put a couple of things in place. one was a diagnosis of what was the problem. we brought in third parties to look at it. we determined that what we hadn't had early enough in the program was a human interaction, people that are going to operate this program involved in us

develop it and that our testing have been insufficient to really understand how this is going to work in a wheel world environment. as a result of a valid link this program and everything that went with it, that's what was behind us putting the management changes that we put in place. establishing a centralized program management organization that will bring best practices program management to ensure that we can hit deadlines, we can hit milestones and we can get budgets. that's why we elevated and expanded the responsibility of our nextgen organization so that we can ensure that we have appropriate system integration that we're taking account how one project effects of the projects and schedules and so forth. what we wanted to do was make sure that we were using best practices that are used in any business for managing a large complex undertaking of this sort. it was in june 2011 that we rebaselining to the eram program.

at that time we said that that project was going to be three years and 80 must be on schedule because of the problems that i told you about, and it was going to cost $330 million. today, that still exactly where we are. we have hit the milestones that we put in place at that point, and they think that we've turned the corner on that program. i certainly wish that we'd never gotten ourselves into the situation but i think we are will -- >> before i run out of time let me just say this. what is frustrating is years ago when all this was started, i think, when it was brought up i think everybody probably expected that it would be cost overruns and delays. i doubt there's anybody in this room that is shocked or surprised that there have been cost overruns and delays. or that there will be any future. let me ask you this. how much have we spent on

nextgen? eram is not the whole nextgen program. how much has been spent on the whole nextgen program so far? and how much is going to be spent before it is fully implemented? i'm wondering if anybody can answer that question. i guess it's almost an impossible question. and i know that this is a difficult thing. i know everything looks easy from a difference -- distance. >> we have been spending a rate about one putting dollars per year and -- >> on sir, i didn't hear. >> we've been spending at a rate at about $1 billion a year investment with the support of this congress in nextgen. and we, in the federal investment, and eram, over its program that we have planned out, 20, $27 billion expenditure. that does not include --

>> 27 billion? >> yes. that does not include what industry invests in equipping their aircraft and everything that would be associated with that. from our standpoint we are managing this program as a series of building blocks. we have six foundational technologies, andrea baselines and all are operating within their baselines. what we do is, we've adopted an approach which is premised upon best program management approaches. this is a risk mitigation strategy where we make incremental investments, match them up with benefits so that we can ensure that it makes sense to continue making those investments. in a program of this nature where investments are being made over an extended period of time, in a very dynamic industry, that is going through its own changes, that deals with uncertainty such as costs of

fuel and where is the market going and everything that affects about, we believe that is the most prudent approach to ensure that, the best stewardship of the federal taxpayer investment. >> i apologize iran over much time, but this is all very, very interesting to me. but i remember many years ago they told me they had sketches of all the members of congress down at the department of transportation, and at the bottom under each member they had questions typically asked. and under most them are stated in have questions that undermine it said how much will it cost? i didn't realize i was so transparent i guess, but i have been concerned about that on this program. i still have those concerns but it's a fascinating but also a lot of concern, too. >> under the next fellow who will hear from, probably have

you taken a sharp pencil. >> thank you, mr. chairman. i'm involved with a simultaneous hearings to hear and judiciary sought had to play catch-up. i apologize for my belated arrival. good to have you all with us. mr. scoble, i suppose the trip to jerusalem will not depart today? >> it certainly won't. i regret to say. >> i want to go but not today. mr. porcari, deeply there are any stakeholders not fully committed to the proper implementation of nextgen? >> at this point i believe all the stakeholders are committed to it, and we've worked hard on stakeholder interaction and understanding their needs to make sure that they see the benefits. so i believe the stakeholders are committed. >> so now naysayers that safe no

to you? >> i do think there's a program skepticism from everyone involved, that would get the proper benefits for the investment. >> mr. huerta, how will nextgen improve the productivity of air controllers, a, and b, deeply nextgen has delivered and increased productivity? >> to answer the second question first, i do but i think -- >> could you pull that mic a little closer to you? >> how is this? >> better. >> i do believe that it has increased productivity, but much more needs to be done, and we'll continue. the major benefits that we are seeing which were really focused on is improve air traffic control procedures. and you get the maximum productivity by focused on what they can do around airports.

two dimensions to that. can be reduced track miles flown on arrival and departure, what that gets you is reduced fuel burn, reduced emissions, reduce costs. second aspect of that is something called an optimized profile dissent which were very focused on. traditional distance into airports are a lot like walking down the stairs. at the aviation equivalent of stop and go traffic. very fuel inefficient. with an optimized profile dissent, again engines that i do, you are reducing your fuel burn. so improving the way aircraft approach and depart airports gets a lot more efficiency. and gets you a lot more ability to manage more aircraft in congested airspace. the second benefit it gives you is the ability to you, what we call, deconflict airports. in large metropolitan areas,

said dallas fort worth, because of the nature of older technology and older, and just the geography of our airports are located, we need to manage airports in conjunction with one another. traffic at dfw affects traffic at dallas love, and controllers me to manage both in tandem. with advanced navigation procedures, we can separate those airports because of the curves approaches mr. scovel talked about. and since the tracks do not conflict, that greatly increases the capacity of both of those airports. that's what we're trying to get at, through deployment of advanced navigation procedures. and the benefits are quite real. >> does anybody else want to weigh in on that? good to have you with us. yield back, mr. chairman. >> thank you. and before -- as long as you are here, a little unrelated to the subject of the hearing, but i

wonder if you could comment on the status of sort of international negotiations, if that's the correct way of framing it, in keeping with the european, but i think congress has been on record of criticizing is an illegal emissions trading scheme in that they're trying to impose that extraterritorial. would you comment on with that whole issue stands? >> i'd be happy to comment on it. first, we have serious legal and policy concerns with the proposed emissions trading scheme. it is extraterritorial. it is fundamentally unfair in its approach, and we believe it's not the right way to do it. if you look at presidents using

icao's for consensusbuilding on international aviation issues, is a much more effective way to do this. we have been clear both on the record, off the record and at every level with our e.u. counterparts, that this is unacceptable, that we do not support it. and i think if you're looking closely at the reaction around the world you will see that we have a lot of other nations that in concert with the united states also believe that the unilateral imposition of the emissions trading scheme is inappropriate. finally, there appears to be some recognition on the european side of late that there are real consequences for doing this. so we will continue to press for the appropriate avenues for the resolution of an issue like

this. we are continuing to make it clear that we have serious concerns and do not believe it should be implemented. and i think the consequences of the european union moving ahead to the latter are much better understood by the e.u. these days. >> mr. chairman, thank you. just a few comments, and i think it's worth noting, oftentimes we point out when there are mistakes made for cost overruns, but, you know, i just have to say that since i've been involved in nextgen, i mentioned in my opening remarks that there was a time when the faa could tell us in layman's terms what nextgen was. it wasn't until secretary lahood was appointed secretary of transportation, and randy babbitt, the former

administrator, came into office, and, of course, with the acting administrator on board two years ago that there was an active stakeholder involvement. many of you heard me say from deceit and actually that siege at that time, we heard dr. dillingham, we heard general scovel agree that we need to get stakeholders involved. but that logjam did not free up until secretary lahood and administrator babbitt came into office. and then we started involving stakeholders. we started talking about near-term benefits, and we actually came up with a blueprint which chairman micah mentioned, many of the things that are in the bill that was signed into law in fact came from the task force, came from secretary lahood, randy babbitt and the acting administrator here today. so i think it's worth noting that much progress has been made since that day.

i remember secretary lahood was nominated, he came to see me and he said, what are the challenges, aviation? and i said you have to do two things and you have to do it quickly. and one of the things is you've got to free up this mentality at the faa that we don't want the stakeholders involved, we don't want to hear from them. so to his credit and to the credit of the former administrator, mr. babbitt, and acting administrator who is here today, we have made progress. we have a long way to go, but we've come a long way from just a few years ago. so with that, mr. chairman, thank you to. >> thank you. i must say to currently the faa's internal and fit confidence in this sort of process, due in part to several people who are here before us, leagues ahead of what was just a couple years ago.

this is a different type of process and it takes a different type of experience, and we thank you very much for your testimony. and the first panel is adjourned. we will turn to the second panel, and as they are coming forward let me introduce them. it consists of mr. david barger, president and ceo of jetblue airlines, and we're particularly the pressure. we know he has a number of important commitments and had to select between them cut and we appreciate his attendance at this hearing today. in a sense it may be his songs long -- swansong in that he is finishing up a distinguished period of public service as the head of the nextgen advisory board. and has made a major contribution to moving this from dead center, or even slipping

back in some areas to making real progress, and i think it's to his credit that usually one good measure of how someone is doing is whether preparing someone to take their place and someone who is strong and i think in bill errors, so you have another person of confidence and experience in this area, and i'm impressed by the fact they are from some of his associates his blocking off some extra time in his schedule so he can engage in helping on this process, and turning some of his day-to-day responsibilities over to others at the alaska airways. so that's a tribute to you in part, and we thank you for that. others on the panel are paul rinaldi to as the president of the national air of the national air traffic controllers association, has been be forced

to before. thank you for being here again. it's true also of ed bolen, and is resident and ceo of the national business of say she in, and ms. sue bael, director of aviation, port authority of new york and new jersey. thank you, welcome all to being here. we look forward to hearing you summarize your opening statement in about five minutes. >> i appreciate that very kind words as well. thank you and to ranking member costello, as well for his support ongoing over the years. and to distinguished members of the subcommittee. on behalf of them on 40,000 crew members of jetblue airways i thank you for the opportunity to be heard this morning. the certainly to discuss nextgen. delighted to be here at this testimony. this morning i like to begin by thanking you, mr. chairman, for

genuine passion on this topic. educating all americans about the importance of nextgen. i know we've spent time over the years we think about of course her home state, robust aviation community in a state of wisconsin and what happens over the course of most spectacular week of the year at the oshkosh air show with the eaa. and with that said i also juxtapose my thoughts and comments regarding not just a home base of operations that come from, at new york's john f. kennedy airport, the congestion and airspace challenges that we have across places like the new york metropolitan area, philadelphia, and certainly airports here in the metropolitan washington area. all that said, mr. chairman, and certainly do ranking member costello as well, and all of my meetings throughout the years, you have certainly been passionate about pursuing just real meaningful solutions to these problems as if they have been writing own backyard in

your own congressional districts across the country. and we certainly appreciate that as an industry. you have held hearings and conducted informational sessions and have always had an open door, as you sought not to assign blame but really in terms of driving a shorter path to progress in the future. having served in the pastures as chairman of the faa's nextgen advisory committee, i think you and the members again for the hearing. i am wearing two hats today. that is in the role of the chairman of the net debt as well as seal of jetblue airways. nextgen advisory committee as you mentioned i wasn't conclude my to your role as chairman we are diverse group of 20 aviation leaders really from across the world as both volunteer driven and volunteer led. would provide consensus-based recommendations on complex policy issues to the faa in response to specific questions for tasking that they present to us. it has reported back to the

faa's tasked with recommendations or initial reports on 17 items critical to the implementation of nextgen ranging from selecting and prioritizing metroplex sites, nextgen rollout within these sites to performance metrics, equippage and sinister the issues of data. and the 17 items have been submitted in my written testimony. as i've undertaken equivalent of a graduate level study course and all things nextgen over the past two years in my spare time, i'm delighted to report that it could not be more pleased with the progress of this group that i chaired, including those and the support of my fellow panelists here with me this morning. and also with our partners in the faa. as you both mention in your closing comments that we've worked with so closely over the past two years of my chairmanship. my fellow natca members are participating, voting, and where the each and every meeting. over the past two years we felt

our sessions in washington, d.c. we been down at the university in daytona beach. we been up in new york at kennedy airport and with mayor bloomberg you mention, and even at the bowling complex in seattle recently. and just a couple of weeks we will be hosted by the department of defense at -- to get out and see what is happening across aerospace whether it's education or whether it's a different facts of aviation of we talk about these issues tied to nextgen. natca is engage. natca is committed to i would certainly be remiss if i didn't thank our sub chair over the course of the past two years, tom hendrix who has since moved on, and also steve for the tremendous work. literally hundreds of volunteers working on work groups and task groups has really led by our cga and that also like to thank andy with his health over the years.

just as the natca members are engaged in our work we've been very pleased with the knowledge and level of engagement the acting administrator michael huerta. for us as it does a federal official while serving as the faa deputy administrator, michael has become even more not less active in our work since being elevated to the role of acting administrator. with michael at the helm and with his interest in work clothes with the aviation community, i'm confident and our collective bill to overcome some of the barriers to implement nextgen. you comment about succession planning. i'm very pleased that with my chairmanship, sunset and i will remain on the committee, will air who is chairman of the alaska air group, bill has been formally leave leading the alaska air group who is an experienced aviator, will be taking over the chairmanship of naca on a go forward basis as we pass the baton at wright patterson air force base here in

october. and, in fact, by may i believe the greener skies initiative was a limited upon by both the deputy secretary and the acting administrator of just tremendous success stories. while i won't go into details about that, this collaboration, this work, with the faa over several years, moving flight tracks over water from reducing miles long, optimizing the central profiles and altering air traffic control procedures all enhancing navigational performance, alaska airlines, the largest carrier in seattle along with others, they are reducing fuel burn and emissions today, reducing noise exposure indicated, and alaska expects to save over 2 million gallons of fuel annually as a result this collaborative effort. this is nextgen that is happening today. in the seattle metroplex. mr. chairman, the complaints in

seattle is -- about surmounting the non-technical barriers to implementing nextgen. i'm expecting that the final tasking from the faa to my chairmanship will be to explore these non-technical peers at of afford to recommending have to effectively cut through these barriers in the future. a couple closing thoughts. as i just put out my jetblue had for today, first of all, jetblue operates primarily in the congested northeast airspace with our two biggest focus is being that of new york's kennedy airport, where the largest airline, and also at boston logan airport, fourth largest care. jetblue believes in the promise of nextgen. we certainly do. the industry does. we are required solutions today. this is on behalf of the 39 people that we are accommodating over the course of 2012, and growing. so when we think about some of the partnerships, and again i won't go into details by the

deputy secretary and administered, the 80 out partnering that we're doing in terms of equipping 35 airbus, to pioneer new routes and more fuel-efficient routes, more in nation friendly routes, shorter elapsed time routes from the northeast to florida in the northern caribbean i think is a very important example of collaboration. and also i would just say that a name with the faa, the use of what we call the rmp 13 left and right approach into the john f. kennedy airport has allowed us greater predictability into your home base of operations in new york. these unique performance-based navigational procedures utilize a constant vertical descent in conjunction with a precise curve flightpath resulted in a stabilized approach path, shorter five times as well as reduced to burns, emissions, noise. i think in my closing thoughts, very good progress is taking

place i was on half of our airline, as i put my hat on. i think i would be remiss if i didn't have it that we are a little disappointed that a new procedure that was put into place at laguardia airport has been suspended because we do think that conflicting, de- conflicting some of the airports in the new york metroplex, and this just happened recently, i think we work through this, will benefit all of us in the new york megaplex. but all that said, very pleased about the partnership that is taking place. and closing nextgen is a vital and necessary evolution for the aviation industry. it's just as important for our nation's economy. nextgen will reduce aviation fuel burns, improve the environment. implementing nextgen will improve the efficiency and safety of aviation while adding jobs and strengthening our economy. the case for nextgen has been and continues to be compelling. i would again like to thank you, mr. chairman, ranking member costello, just in which members certain of the committee. for hosting a panel today. i look for to any questions you

might have. thank you again. >> thank you. mr. rinaldi? >> thank you, mr. chairman, ranking member costello, thank you for all of this hearing today. nextgen is a catchall phrase over the last 10 years that means everything to everybody in the aviation community. naca is proud to be involved in essentials stay cold and nextgen development and fully participate in the nextgen advisory committee. the nextgen advisory committee has done an outstanding job of assembling the elevator speech, so the second of what nextgen really is. of using satellite-based technology, streamlining approaches to reduce emissions, using this technology to reduce voice communications for voice saturation on frequencies. that's what nextgen is in the short term and near-term.

we've heard a lot about eram. believe it or not eram is not considered a nextgen program. eram was mostly implemented by now. collaboration is key for nextgen to work. collaboration is key for anything to work i think in li life. but eram in 2009 when randy babbitt took over and when secretary lahood was confirmed and went michael huerta got involved were not involved in eram at all. at the time it was already over budget and it was not deployed any facilities across the country. and it was in january 2010 we actually start to get involved in identifying those number of areas that we were getting on, on the positions as we are testing eram in the background that it was unacceptable and unsafe to run in air traffic control facilities to track airplanes. through hard work, through

collaboration, through the passion of our controllers being involved in eram we are proud to say it is up and running continuously and five facilities across the country and hopefully we meet the goal in making 2014 and being deployed across all of our facilities. the important thing to note is eram started to be developed in 2003. and 2009 it was ready, supposedly ready to be deployed, spent 100% of its contract, and it wasn't even close to being finished. in two short years we have brought it from not being able to work any facilities to working in five facilities and we are working hard and real important, to get eram involve in nextgen discussion. here's why. we talked about the taxi navigation conditions between pilots and controllers, swim which is the information component that will visit the cockpit in real-time, real-time

necessity, all of that doesn't work and is eram is deployed. so we have to focus on eram in making sure that the action is deployed properly, continues to be focused. our reps are very proud of what they've done in eram. and when we put them in place we said make it safer, make it better, and make it work. the collaboration started with developing, testing, training and implementing. and we take it short steps out of time. and here's why. let's not ever lose the fact that we're running the safest, most efficient system in the world. we are trying to change technology and is not a flip of a light switch. while they're changing the technology it's like changing a tire on a card that is running down the highway at 65 miles per hour. we are still moving 100% of the airplanes and changing technology at the same time. as we take these steps in success we have to understand how we're getting there.

we understand how eram became a complete failure and is over budget, because stakeholders were not involved. now that stakeholders are involved, we are seeing the success of the. as we move forward, and i've heard a lot of discussions about future panels on nextgen, we cannot forget how we got to the success of eram to every program in nextgen. that you need real stakeholder involvement so that when we deploy, we trained, we test and we develop, they are involved in the front and so we save money and keep it going. one of things i wanted to talk to you about is recently we talked to one of the eram programs, a terminal replacement. we stumbled across our monitor problem where flickr's. when you turn the lights down and just flickers and it's a huge distraction. for anyone who has seen a greater scope you can't look at that for a long time when it flickers like that. we found workarounds where we

were going to save $9 billion. if we are involved early as we were, that is how we can save money and deliver on-time products. once again i thank you for the opportunity to testify in front of you. i do want to thank you for holding this hearing. i urge you in the next congress to hold more hearings so that we continue to keep the focus on nextgen and it's important programs. thank you. >> thank you. >> thank you, mr. chairman, mr. costello. as you know, i'm here today both as a representative of the national business aviation, and in my capacity as vice chairman, and you're very familiar with both of those organizations. i'd like to use my time here today to pick up on the theme that i think congressman costello articulated so well which is where we were and where we are hoping to go.

you know, mr. rinaldi said that when we started on this, nextgen kind of meant everything and everyone. just another way of saying it meant nothing to anyone. if everything is a priority, nothing is. but i think where we are today is nextgen is beginning to mean the same thing to everyone. and that's a pretty important accomplishment. we've talked today about the fact that nextgen is transitioning from ground-based navigation to satellite-based navigation, transitioning from analog to indication to digital communications. and we're doing that for very specific reasons. we are doing that because we believe nextgen can get a substantial capacity increases that will reduce delays. we believe nextgen will enhance safety by improving our situational awareness.

and we're doing it because we believe nextgen, by providing more direct routing, can reduce our environmental footprint. so we are embarking on this transformation for some very specific benefits. and we are laying out a path, i think the jpdo has done a great job of laying out a vision for where we want to go, and over the course of the past several years, rtca has been taking castings from the faa and beginning to figure out how we actually move forward very clearly. and that movement forward is not without its challenges. we are learning that nextgen is not just about technology. clearly eram is part of it. swim is part of it, but it's also about policies and it's about procedures. it all has to fit together if we're going to move forward. we are seeing ourselves begin to

move from a vision to an operational system, beginning to take philosophical approaches to issues such as deciding that it's not a big bang one size fits all that dude everywhere all the time, but a more measured metroplex approach that looks at some of the unique attributes of the community. i think a lot of the progress that we've made so far is directly attributable to this subcommittee, the leadership that you have provided in the accountability you have demanded. and i also want to say that i think a lot of the progress is a result of the tremendous leadership that david barger and naca has been able to provide. naca has brought together a diverse industry stakeholders that you have demanded. we have the military involved, we have general aviation

involved. we have airports and false. we have the airline. we even have community representatives, and we're all trying to move forward because we understand that we're all going to benefit. the question was asked earlier to all the stakeholders support, and i can speak for the broader general aviation committee saying we do support it because the reality is, the system that we have in the united states just like everywhere else was built largely to accommodate the needs of the commercial airlines. that's entirely appropriate. general aviation including business aviation participates in the. but what we have seen is time and time again, as airspace becomes congested or airports become congested, general aviation gets pushed out a little bit. i remember when at midway airport was a great general aviation airport for fort lauderdale executive or san jose or manchester. you see how that begins to evolve. we want to make sure that we can

expand that capacity, enhance the safety, realize the environmental benefit. and i think we are moving forward today. we've got a lot of challenges ahead. we can see the wet pavement but we have an opportunity to move forward and i want to thank forward for the leadership and accountability that has been demanded by this subcommittee because the benefits of them very tangible. >> thank you. ms. bael. >> thank you, chairman, ranking member costello, thank you for inviting me to speak today. i'm the director of aviation for the port authority of new york and new jersey. we are responsible for the busiest airport system in the country. comprised of jfk, newark international, laguardia, stewart, dedicated solely to general aviation i might add, peterborough. together these airports serve more than 107 million annual passengers. that's about 20% of all u.s.

flights operate to our airports. first let me begin by applying the members of this committee for delivering a for your faa reauthorization bill. i particularly appreciate how you included a strict timeline and metrics in the bill that will help us analyze delivery and benefits of nextgen. i also have to thank acting administrator work out who's also our designated federal officer and the nextgen advisory committee. the other is mr. barger has been going to guess provided careful guidance of how to move the nextgen agenda forward. and i'm very proud to be known as a member of that committee. i was honored to be part of transportation secretary neighborhoods future advisory committee we're nextgen was a fundamental element of nearly every conversation we had, no matter what the subcommittee.

i should be clear, i really never intended to learn this much about nextgen, but in many ways i just had to. with experts like vicki cox or paul rinaldi here today, i can't claim really to be an expert but i know and i had ever hoped to about this subject. and it's no secret that our airports are consistently ranks at or near the bottom in on-time performance. and those delays in or airports trickle throughout the country. one in three u.s. flights are affected by delays in the new york/new jersey and philadelphia airspace. and 40-50% of the national airspace ground stops and ground delays occur in new york. that means right now about half of all flights in the country being held at a gate or delayed on the tarmac, can trace their delays to one of airports in the new york/new jersey region. delays and insulin capacity constraints have stifled growth

and effectively put a no vacancy sign on jfk, newark and laguardia. economists have calculated that for every billion potential additional passengers who we cannot serve, there are 5000 jobs that don't get created in our region. so delays are not just an annoyance. they cost money, real money, and have real economic consequences. extra fuel, a new flight crew, hotel vouchers, missed many, extra meals at an airport and so on through the system. in 2010, a university of california at berkeley study found that flight delays caused the united states $32.9 billion a year. most unsettling of all is the fact that air passengers they are the largest burden. delays are a threat to this nation's global competitiveness. so how can we as a nation continue to rely on air traffic

control system that is fundamentally what was used in the 1940s? we can't. we must act quickly to fix this problem because the cost of inaction is simply too great. nextgen is the fundamental backbone of the solution, not the only part of the solution but it is the backbone. not to be selfish but i'm told my airports are responsible for 50% of the problem, i really think that nextgen has to be implemented in the new york/new jersey region as soon as possible where it can deliver the greatest benefit to the country. but i'm realistic. i understand the wholesale revamping of the way our airspace function can't happen overnight. however, by attacking the problem where it is most acute nextgen can deliver improvements to constituents throughout the country, green bay to tampa bay, from portland, oregon, to portland, maine, and all the points in between. so according to 2010 gao report,

our three airports along with philadelphia, atlanta, allaire and san francisco, account for 80% of all the departure, delays across the entire country. so you fix it in new york and a few others, and you can fix the problem everywhere. the problem in new york is so huge that we can't wait until 2018, or 2020 are whatever the date is when the first nextgen benefit should be realized. recognizes that our problem is too ambitious of national urgency, in 2009 the port authority established a national alliance to advance nextgen, a coalition of business, civic and industry groups and organizaons devoted to getting of the message about nextgen. we continue to grow, and last month we reached 1000 members. in fact, 1000 member with the chicagoland chamber of commerce from ranking member costello's home state. and all come with members from all 50 states and washington, d.c., sure when

industry's from wisconsin, organizations like the los angeles chamber of commerce in california, north carolina, saint business, and hundreds more. together these organizations represent tens of minutes of u.s. air travelers who are demanding improvements to our national air traffic control system through the implementation of nextgen technology, policies and procedures. we have already begun piecing together elements on the ground including a revolutionary around management system at jfk that has helped to minimize delays. we have done it in conjunction with our friends at the faa and airlines using jfk, in a very collaborative effort we have been very successful. we are working with the faa to expand the program to laguardia and newark airport. jfk alone, the system has saved nearly 5 million gallons of fuel

and almost 15,000 hours of taxi time annually. over the last decade, our agency has invested more than a billion dollars to make airport operations on the ground more efficient. our initiatives have delivered. we've invested in building high speed taxiway, minimizing runway occupancy time, enabling a more efficient procedure. the bottom line is that tens of thousands of hours of delay have been averted to say nothing of reduction in emissions, environmental benefits that come from curbing delays and congestion. as we move forward to nextgen we made a number of efforts to be better neighbors, having recently launched single phone number that pulls together all of airports noise complaint hotline together with a website that enables the public to express concerns regarding aircraft noise. this new system provides feedback in real time to have standardized the posture and offers the to analyze the complex than we have in the

past. as we have before we will share complaints statistics with the faa to ensure that they are aware of the volume and origin of complaint that they may consider any operational justice such as runway selection is feasible. all of this is well and good, except that admittedly these efforts are not making improvement, are all making improvements at the margin. it doesn't mean we're going to stop nor will i stop advocating for the swift implementation of nextgen. members of congress, we cannot afford for it not to happen. not in this economy. not in any economy, frankly. at a time of tight in the budget end of the fiscal restrictions, it will prove challenging to fully fund nextgen, but do we instead continue to risk the mounting challenges we will face as a nation, stuck with the world war ii era radar-based air traffic control system? with so much at stake i urge members of this committee and congress to move quickly to implement nextgen technology.

we certainly stand ready, willing and able to assist. thank you. >> thank you, and thank you all for your testimony. mr. barger, you have the opportunity to spend a couple of years immersing herself in some of the issues involved in pieces of this problem, and i think it looked at from the point of view of your own organization, opportunities and challenges. i don't know, i would be remiss if i didn't ask, if you had any ideas or suggestions for feelings about how the process is going, and how it can be speeded up. ..

>> to help move this thing forward faster so that boards see opportunities and have specific, something, you know, specific investment opportunities that would, in fact, not just involve new equipment, but some new flight plans and all the rest so that there would be a payoff for their organizations. could you sort of discuss how you see us help moving this thing forward? >> sure. thank you so much, chairman. if i may, i think i tend to be a

cadence person, and when i think about these past two years and bill ayer now moving into the chair role from the neck -- >> and by the way, this is by the good work of task force five work being with the fcc -- but the fact for industry stakeholders to have a seat at the table, to respond to the fcc which are complex, seattle is different than new york, north texas is different than atlanta, but the ability to talk about these complexish shies and respond to the task-in, but i think first and foremost keep the committee in place with a cadence put in place for federal advisory meeting cadence with the faa. number two, continue the task-ins. so the task-ins that have come across -- >> and we go live this morning to the newseum here in washington to hear remarks from

homeland security secretary janet napolitano. she'll discuss cybersecurity threats facing the u.s. she's joining several other panelists at this summit. this is live coverage on car accident span 2. -- c-span2. >> every one of our panelists are going to be taking questions, and i encourage you to think about what you would like to ask. for secretary napolitano, we ask that you, please, write your questions down on this note card. the moderator will ask the secretary the questions as time lows. for our -- allows. at that time i ask you to, please, stand up, state your name and your organization and ask your question succinctly. please silence your cell phones so that we can have an uninterrupted discussion this morning, and finally, if you'd like to join the conversation

via twitter, we have a hashtag which is cyber summit. or first speaker is janet napolitano, the third secretary of the homeland security department. secretary napolitano was in her second term as glove of the state of -- governor as the state of arizona and can was named one of the top five governors in the country by time magazine. she served as the u.s. attorney for the district of arizona. it's my pleasure to welcome secretary napolitano. [applause] >> well, thank you, and good morning. happy friday to everybodiment. >> happy friday. >> happy friday. there you go. and i want to thank "national journal" and governor executive for inviting me to this year's cybersecurity summit because i can think of no more important

or urgent topic in today's interconnected world. um, the cyber domain is woven into the fabric of our daily lives, and while this increased connectivity has led to significant transformations and advances across our country and, indeed, around the world, it also has increased the importance and complexity of our shared risk. the flipside of all the good that comes from the internet is that cyber attacks have increased significantly over the last decade. indeed, they've increased significantly in the nearly four years that i have served as the secretary of homeland security. he's a quick sense of -- here's a quick sense of scale. just last year our u.s. computer readiness team which provides response and defense against cyber attacks for the federal civilian part of the government,

the dot.gov domains, last year it responded to more than 106,000 incident reports and released more than 5,000 cybersecurity alerts to our public and private partners. specialized dhs teams conducted 78 assessments of vulnerable industrial control systems, the possible gateway to a catastrophic attack. the word "cybersecurity" encompasses a broad range of malicious activity from denial of service attacks to the theft of intellectual process to intrusions against government networks and systems that control our critical infrastructure. last year, for example, a water plant for a small town in texas disconnected its control system from the internet after a hacker posted pictures of the facility's internal controls. more recently, cyber attackers penetrated the networks of companies that operate natural gas pipelines.

and computer systems in critical sectors of the economy including the financial, nuclear and chemical industries are increasingly targeted. we also face a range of traditional crimes tar now perpetrated -- that are now perpetrated through the cyber network including por nothing by and banking fraud, all of which pose severe economic and human consequences. a norton study last year calculated the cost of global cyber crime at $114 billion annually, and i think that is a very conservative estimate. but when combined with the value of time the victims lost, this figure grows to 388 billion globally which is significantly more than the global black market in marijuana, cocaine and heroin combined. so how do we address these threats? moreover, how do we address them across a distributed network

that is largely controlled by the private sector and yet touches every single one of us from large companies to state and local governments to individual users? we begin by fostering a culture of shared responsibility engaging all levels of society and working with key stakeholders to make cyberspace as safe and secure as possible. now, dhs has some very important responsibilities in this regard. we are responsible for securing unclassified federal civilian government networks and working with owners and operators of critical infrastructure to secure their networks through risk assessment, mitt gaig and incident -- mitigation and incident response capabilities. to protect federal civil agency networks, we're deploying innovative technologies to detect and respond to intrusions and developing effective mechanisms to reduce the negative impacts of any potential attack.

we're responsible for leading the national response to significant cyber incidents and maintaining a common operational picture for cyberspace across the government. we act in some ways like a cyber fema where resources are coordinated and deployed with dhs serving as the hub of a very large wheel. we leverage the skills and resources of the secret service, immigrations and customs enfofsment, the coast guard and customs and border protection, and we work in cooperation with doj and especially with the fbi to investigate and prosecute cyber criminals. we also have a focal point for the government's cybersecurity outreach and awareness efforts. it's important to note that private industry owns and operates the vast majority of the country's critical infrastructure and cyber networks.

consequently, the private sector plays a critical role in protecting the nation's cybersecurity. dhs has initiated several programs to promote that public/private sector coordination. to enable us to coordinate responses to innocents at all levels just like we do, as i said before, for incidents in the physical world. the private sector is an active participation in the communications and integration certain. lots of acronyms in this business, but the ncic is a 24/7 watch center that coordinates activities across the federal government and with private sector partners providing watch and warning, analysis and a coordinate mated response. dhs is also leading efforts to protect critical information infrastructure by sharing actionable cyber threat info,

helping stakeholders identify vulnerabilities before a cyber incident occurs and providing forensic assistance to aid response and recovery after we learn of a cyber attack. as i mentioned, for example, our industrial control systems computer emergency response team conducted 78 assessments of control system entities which helped those companies secure and identify gaps in their systems and prioritize their mitigation activities. we also made available a cyber self-evaluation tool which was utilized by over 1,000 companies just in the last year as well as in-person and online training sessions. continued innovation is critical to keeping cyber networks and systems safe. we have a very strong science and technology directorate that works collaboratively to research, develop tests and

transition deployable cyber solutions and technology. so among its many projects, s and t is leading efforts to develop and deploy more secure internet protocols to protect consumers and industry internet users. and because each member of the public plays an important role in cybersecurity, we sponsor the stop, think, connect campaign. this is a year-round national public awareness effort designed to engage and challenge americans to join the effort to practice and promote safe online practices. we want good cyber habits to be as ingrained and as familiar as putting on your seat belt. so if you're not already a friend of stop, think, connect -- the stop, think, connect campaign, i encourage you to join today. and in just a few days, we will kick off national cybersecurity awareness month which is an opportunity each october to emphasize the culture of shared responsibility necessary to

maintain a safe, secure and resilient cyber environment. finally, we must work internationally because the cyber domain does not respect traditional national boundaries. and attacks can and do emanate from any place around the globe. last may the united states released a new international strategy for cyberspace to help provide a blueprint for building an international framework to make cyberspace more secure and reliable. but much remains to be done in this area as the need for sustained international engagement becomes more apart every day. apparent every day. so there's still a lot of work to do because threats to cybersecurity are real, they are serious, and they evolve rapidly. together we can and we must maintain a cyberspace that is saw and resilient, that remains a source of tremendous opportunity and growth for years to come.

to that end, we need to work more effectively with the private sector to tackle two key challenges. first, realtime information sharing between the public and private sectors and, second, wilder adoption of sign -- wider adoption for the nation's core critical infrastructure. in cyberspace, seconds matter, and when information isn't shared quickly around the government and private sectors, it makes it infinitely more difficult to prevent attacks and minimize any damage that might occur. therefore, we need to insure that the government can use information at various levels of classification to help the private sector protect itself. we also need greater information sharing so that government can learn from the private sector where people fight this threat every day. frequently, businesses, state or local governments are the first to identify new malware or other

cyber threats. sharing that information with dhs enables us to prepare others and provide assistance as requested. but the majority of successful intrusions use vulnerabilities that are widely known. the information was there, but there was no action. that's why we also need standards for companies upon which our national security depends. as part of this effort, we encourage private sector capacity building for cybersecurity including investment in strong cyber defense protections and work force training. now, for decades try and government have -- industry and government have worked together to protect the physical security of aspects from airports to seaports to national broadcast systems and nuclear power plants. there is no reason why we cannot work together in the same way to protect the cyber systems of our core critical infrastructure upon which so much of our economic well being, national

security and daily lives depend. nonetheless, in the current land scape we execute cybersecurity missions under an amalgam of authorities that need to be updated, clarified and streamlined. the plain fact is that we must address cybersecurity now, not years from now, and dhs is committed to working with all affected parties to move forward quickly on this issue. and in the meantime, we're moving forward on building our own world class cybersecurity team and a strong, depend bl work force pipeline for the future. we're making investments in the cyber work force, growing our national cybersecurity division by more than 600% over the past four years. and the president has requested a 74% increase from congress to the dhs cyber budget in fy-13.

we're also building stronger cybersecurity career paths through scholarship, fellowships, internship programs, creating more training and developing opportunities and extending the scope of cyber education beyond the federal workplace while working to attract top professionals to work with us in the scientific and cyber fields. we also began a new effort through our homeland security advisory council in conjunction with public and private sector partners to develop an agile cyber work force across the federal government, and i'm looking forward to the recommendations. now, in conclusion, all of us fend on a safe -- depend on a safe, reliable cyber network in our daily lives and businesses. all of us must help protect these networks, and that's true whether you're a security professional in government, a member of the media or a casual internet user. we share the advantages of our internet age, but with those

advantages come responsibilities. so i thank you all for being here this morning to discuss this topic, and i thank again the national journal and government executive for hosting today's gathering. let's get to the questions. thank you. [applause] >> thank you, secretary napolitano. interviewing the secretary this morning is shane harris, he's an award-winning author and currently a senior writer at washingtonian magazine. shane actually wrote for the national journal for many years and also formerly for government executive. thanks for being here this morning. >> madam secretary, thanks very much. i want to pick it up where you left off and take it to where things stand right now. the administration and congress have been trying to pass a cybersecurity bill that's been unsuccessful, but you have said the administration is preparing to release an executive order that will allow the government to do many of the things,

presumably, that you want to do in the cybersecurity bill but won't be able to do legislatively. where's that order right now, when are we going to see it, first of all? >> well, there is an executive order that's being drafted in the inner agency process. i can't give you a firm timeline, but it will help in terms of clarifying authorities and the like. but it can't do a few things that only legislation can do -- >> such as? >> such as liability protection for companies when they are sharing information, such as giving dhs some relief from the normal civil service and salary requirements that we can pay so that we can compete in the workplace for workers better. so, and there are a few, and there are other things as well. so the executive order, an executive order will help, but we still need comprehensive cyber legislation. it's something that, you know, the congress is going to have to

come back and address. >> so getting into the guts of what it would do, you've talked about you said in testimony on the hill recently that there's already been a deep dive going into various sectors, critical infrastructures, places where it's presumed the government could use some of its existing regulatory authority to start setting standards, to start demanding things that certain infrastructures share more information. what would the order potentially say, and since you have been doing a deep dive on these sectors, where do you think you'll go first? >> well, again, the executive order is in draft, and the president has not yet had the opportunity to review it, so i need to be very cautious here in that regard -- >> he's a little busy. >> he's been occupied. [laughter] >> but i think we are very cog cognizant that in some industries there exists already regulatory authorities that can

be used for cybersecurity. we don't want to be redundant. we don't want to overload. but what we want to do is make sure that the core critical infrastructure of the country protects itself. and one of the real problems we have in that regard is cybersecurity is kind of a shared good, in other words, it's not something that you would necessarily put on the bottom line as your return on investment. so encouraging the kind of investment necessary is very difficult. and when security is concerned, we have to really approach it as to, well, what does the nation need? >> and if you had to pull back then and look at some of these critical infrastructures that you're talking about, let's name some of them. what's the most vulnerable infrastructure right now, the one that needs the immediate attention if your view? >> all of them. so i will not rank them. [laughter] >> but you mentioned oil and natural gas. >> yeah, let's take energy, let's just take the energy sector because it's an example

where you already have ferc, and it has its regulatory authorities, some of which already touch on cyber. so when we do a deep dive, we're looking at, well, what's already happening in that particular sector. do the -- >> and do you look at, too, if it's any good? >> absolutely. have we actually done what we need to do -- >> yeah. >> -- to make sure the sector is as secure as possible. >> um, and do you think that this -- first of all, i want to qualify, is it going to be a new executive order or an expansion on directives that have already been put into place? >> again, i don't want to go into too much detail here, but i would say it is in the format of a new order. >> okay, okay. and are you still hopeful about legislation in the long term too? >> i think we have to. as i said, the executive can only do so much. legislation does need to be addressed. i think one of the benefits of

the debate in congress this past spring and summer was, i mean, there was a real lack of basic cyber awareness in the congress and what this means and what the security vulnerabilities of the country really are. and i testified several times. i said, look, we deal with threats emanating from all over the world, there are all types of threats, but the two that we see most often and require sustained attention are aviation and cyber. and cyber, as i said in my remarks, you know, it's been on a growth curve like this. so the congress is, i think, now more aware than they were before -- >> by aware, do you mean of the nature of the threat or the immediacy of it? >> yes, absolutely. and we did some demonstrations to members down in the skiffs in the capitol -- >> are sort of scared them a little bit. >> hope my, yes. [laughter] but it gave them a sense of

awareness and urgency. and i regret that the debate kind of devolved into the typical, well, this is regulation or not regulation. this is a security issue, and it's a security issue that should be a top priority. >> you could almost predict it, right? we were talking about at the end of the day s the government coming in and telling private companies how to run their property? >> no. >> no? >> what we're talking about is a very viable and vital partnership between the public and private sectors where there's realtime information sharing and where there's the employment of best practices and the best technologies available. so, um, i don't view this as government coming in and telling you what to do. far from it. what we're saying is, look, if you are the owner and operator, core critical infrastructure on which other businesses depend and families depend and commitments depend -- communities depend, we need to make sure your cyber networks are as secure as possible and that should you be detecting

signs of malware or intrusion and the like, there's realtime information sharing so we can help mitigate the threat. >> don't they know that now? i mean, it seems like there's a general awareness of the threat. these companies surely know that they are under attack, if there's information's being stolen. they know you're very concerned about it. i guess i'm getting at how much cooperation can you get from them is if this is voluntary? you know, where's the stick in this? >> well, i think, again, it is, i think, highly possible -- and we do it in other ways, too, with critical infrastructure in terms of their physical protection. so you engage in that same kind of partnership, and you reach out. we say they're aware, and they say they're aware, but when it comes down to where do you invest in your company, where do you put your resources, that

decision is not one that wouldn't normally take into account the cybersecurity for the country beyond your particular element, yet we're all interconnected. and that's why there is, you know, a need for public and private partnerships. >> can you take some of those energy ceos and put them in a skiff and give them the education you did members of congress? >> i think, again, ceos, board members and the, like, and i don't attribute anything to nefarious here, i'm just describing the reality that we have right now. the reality is that in much of the nation's core critical infrastructure, we have cybersecurity vulnerabilities, and we don't have the ability to get realtime information so that when there is an attack, we know about it quickly and we can, and we can move to mitigate. >> people see this in their own lives, too, don't we? we take it for granted. if you practice two-layer

authentication with your e-mail and multiple passwords for your account? we don't always integrate it into our lives, and we often treat it as an after thought. >> that's why decades ago nobody put a seat belt on when they got in a car. in fact, cars didn't even come with seat belts. we need that same kind of cultural awareness and change more quickly where cybersecurity is concerned. >> do you have amazon and itunes accounts separated in different password for everything? what does your personal cybersecurity look like? >> well, okay, don't laugh. i just don't use e-mail at all. >> really? >> yeah, yeah. >> because it's too time consuming or for security purposes? >> um, for a hole host of reasons. so i don't have any of my own accounts, and that, you know, i'm very secure. >> yeah. [laughter] >> you're off the grid. >> yeah. yeah. [laughter] >> i wouldn't -- >> some would call me a luddite,

but that's my own personal choice. and i'm very unique in that regard. >> right, right. especially in washington. let me talk just a little bit about, i want to talk about your department's role vis-a-vis other agencies that have a stake in this. and, obviously, you are looking primarily at the civilian domain, the national security agency is looking at intelligence community and defense, but there's a partnership there. and i often hear people say the nsa's going to be providing technical expertise, tech assistance to the homeland security department. what does that mean? i think a lot of people see that, and i -- they think is a bunch of nsa guys sitting in your office with their technology, and you will be the face of it, but the guts is going to be coming out of the military. >> um, actually, we already work very closely with the nsa. we have people located at the nsa and with the fbi.

so you really are a three-legged stool. you got the nsa -- you've got the nsa which is responsible for intelligence and intelligence gathering abroad, you've got the fbi which is often the lead when there's an actual criminal investigation going on, and you've got dhs which has the responsibility for system protection. and so between myself and the director of the fbi, the head of the nsa, the three of us have been personally engaged in making sure that we have people colocated and that we are clarifying our own relationships with each other because that's the way we maximize the resources eachover us brings to the -- each of us brings to the table. but, no, we don't intend to have the nsa parked in every american's home. that's not the purpose of it. the purpose is to make sure that cyber networks and the core critical infrastructure and civilian/government networks are safe. >> is that where the technical

expertise resides right now, i mean, in terms of they've got the, hackers have the guys in neurals who know the networks? >> it is, i think, a unique resource that the united states has. we also have, as i mentioned, the ncic. the fbi has a computer, jttf, cyber jttf, so there's expertise in the other areas of the government. and then you get into particular sectors; d. of energy by way of example which has the national labs which are also huge resources. so you have them armed, but in terms of d you have them around, but in terms of one place where there is considerable cyber expertise, probably the best in the world, you would look first at the nsa. >> how often are you talking to general alexander and bob muller at the fbi? is it sort of an ongoing process right now? >> it's ongoing, but the three of us do get together, and --

because we're building here. i mean, this is kind of a new way to look at this new and is evolving threat to national security. and so we have to kind of get out of thinking, thinking analog and think digital. i mean, we have to really move and really think of government institutions and how best they organize themselves. >> we're going the take questions from the audience which you're going to be writing down on index cards, but as we're waiting for those, i want to also get into the domain of cyber war fair, if you want to call it that. i know a lot of people don't like that term, but there was a senior nsa official, deborah plunkett at nsa, gave a talk in which she said something extraordinary, she said we're starting to see nation-state resources and expertise employed in cyber in ways we would characterize as reckless and disruptive behaviors x. what she was alluding to was other nations, which she did not name,

engaging in online behavior, you know, i suppose in this realm you would call something more than saber rattling but something short of an offensive capability. i want to know first off, you know, who are these countries that we're talking about, who are the reckless actors and what can dhs do about it, and second i'd like to know whether or not you think this there is a sort f inivity about about this. i know you're not going to talk about our offensive capabilities, but i think it's fairly well known we are on the the leading edge of that, and shouldn't we be expecting ore countries to be -- other countries to be messing with us as we've been messing with others? >> um, i think this goes to a point i made in my remarks, and that is the inherently international aspect of this. and, you know, the traditional kind of law of war, nation-state analysis doesn't really work here in many respects.

so i think it's time for the nations of the world to have some kind of opportunity to come together and really look at a global convention or something of that sort that deals, um, you know, directly, fairly and centrally with the need to have a safe cyber environment for everyone's mutual benefit. so it's not just about the united states, it's about other countries of the world -- >> so that could look like a treaty? >> it could look like a treaty, it could look, like i said, any kind of framework. and, you know, that international dialogue to a large extent has been missing. >> do you put yourself in the camp with people who are in very senior positions like yourself who look at cyber weapons as strategic weapons? you start drawing these analogies to the cold war, to the nuclear arms race. do can you see them that way? >> not necessarily. and, you know, i think we have to be really rigorous in our

thinking as to whether those compare softens really apply. -- comparisons really apply. >> there's a lot of hot talk. >> there's a lot of hot talk, but it is washington d.c. >> um, some questions from the audience here. this one goes back to the executive order because it's more specific than what i asked you where does the president's authority begin and end roading a cyber executive -- regarding a cyber executive order? can he issue the lieberman bill simply as an order? you've answered the second part, but the president's authority, where does it begin and end, is that something you're looking at, and do you know the answers to that? >> i'd start with article ii of the constitution of the unite and the powers that derive from that, and there's a number of supreme court cases that follow that. but you begin with the president's responsibility to keep the nation secure. >> does he run into, does the administration run into a problem that if you all are

doing this, essentially, by fiat, i mean, your going to be accused of circumventing the legislative process, you're issuing orders, you're drawing analogies to executive authorities that was practiced in previous administrations, do you worry about that? >> i think, again, congress has had a full opportunity to act. they -- and it's the preference. and any executive order cannot do all that legislation can do. so we're still going to need congress to come back and to act. but in the meantime, there are things the president can do under his existing authorities that are under consideration. >> and it should be noted there are members of congress that are urging you to do this. it's -- >> yeah. they're on both sides; don't do it, do it. i think senator lieberman has advocated that it be done because of the frustrations in getting the senate to act -- >> but you think you can come back to it in the next section,

in the next congress -- >> we hope so, yeah. >> okay. somebody said can you talk about what dhs is doing about denial of service attacks on u.s. banks, and you could take that even more broadly about your role in securing the financial sector, i think. >> yeah. i think the financial sector's another what we would consider core critical infrastructure. we work with them in a number of ways to share information and to help mitigate any damage that's occurring if we are requested to do so. and we do have representatives of the financial sector in the ncic. >> so they are there sharing information back with their industries and providing sort of a conduit to you, is that what they're doing? >> that's right. and we have, you know, dhs for physical threats when it was started, the department was started, divided the nation's economy into 18 sectors. each sector has a coordinating

council representative of the private industry in that sector that works directly with dhs on physical infrastructure, safety and security. and we are using that same kind of model for how we do cyber. >> there's a question here that i wanted to ask you, i like this. cybersecurity continues to p capture more and more researchers across from the government, sometimes referred to as a black hole. i like that. how much spending on cybersecurity is enough, and how do we stop the need to grow without assuming greater risk? there has been so much spend anything this area, it has captured the imagination in a context that i haven't seen anything since maybe even the war on terror in terms of sort of an animating kind of, you know, field, if you like. how do you know when you've got enough? how do you measure that? whether it's resources or whether it's new systems you're going to be putting in place, i mean, where -- how do can you know when you sort of hit the optimal level?

>> um, that is hard to say. in part because you're not dealing with fixed points, you know? you begin here, and you end there. because the "there" is always moving. so we have to be able to be agile, we have to be able to be flexible, we have to have the work force be necessary to carry out our responsibilities. um, how that equates into government versus private sector spending, i think, is an impossible question to answer at this point. >> ajilt and flexibility, though, you talk about the need for the realtime monitoring capability. i think we can also get a sense of what that would look like. how close are you to having it, though? where are the impediments between where we are now and what sort of your perfect system is to be agile enough to do the job as you're describing it this. >> well, i think one of the impediments, quite frankly, is information sharing from the private to the public sectors is

episodic and, you know, sometimes we get it, sometimes we don't. there are industry concerns about opening themselves up to liability if they share certain types of information. there's, i think, a fear that if you acknowledge that you have been the subject of an attack, that your competitors will use that against you. so, you know, the information sharing we have now is not as robust as it really needs to be. >> who are the best sharers and who are the worst? >> again, without -- let's just say that there is room for improvement across all sectors. >> we only have time for a couple more questions, but i want to ask you, i interviewed you four years ago after you'd just been confirmed, and i asked you your biggest surprise the first months on the job, and you said you knew this was going to be a very big job, but the sheer enormity of it exceeded your

expectations which i think were already pretty high. looking back on this now and, obviously, this is what we're talking about today, a piece of what you do. you only have to secure the airports and borders and immigration security. [laughter] i guess, what have you learned looking back? this how do you appreciate the job now four years since i asked you that question the first time? >> um, you know, this is the third largest department of the federal government. we have a huge international presence. we're this 75 countries as well as -- we're in 75 countries as well as around the united states. you know, we have huge responsibilities for disaster response and resilience, for, as you said, securing air, land and seaboarders, immigration enforcement. you name it, you know, we've got it. so i've really, i think in this position you really see how government needs to work to maximize our ability to protect people without invading civil

liberties. and we're always, you know, working on that, what's the right balance there as well. so it is, it's a big job. >> will you stay in the administration if the president's reelected? >> i don't answer questions like that. >> if you weren't homeland security secretary, what job would you want? attorney general? >> again, i don't do what ifs. [laughter] >> what's your dream? >> my dream? you really -- i think i want to focus on this job. this job has every day is an adventure. so it has a lot of elements to it. >> okay. madam secretary, thanks very much. >> thank you. prison. [applause] >> thank you for that, madam secretary and shane, that was a great interview. my name is tim hartman, i want

to welcome everybody today as one of the co-hosts of this event. we're going to move on shortly, but before we do, i just want to thank our underwriter for this event, for supporting it. our underwriter today exclusively is medapp, and we wouldn't be able to do events of this quality without the support of underwriters, so while we do some logistical work on stage, i'd like to welcome trisha davis to say a few brief remarks. >> thanks, tim. um, so thank you all for being here today, and we're thrilled to be here with you. um, you may know medapp as a data management and storage company, so you may be surprised to see us at a cybersecurity event. but in the key domains where we work which is cloud security, mobilization, mobility and big data, of course, the

conversation begins and ends with cybersecurity. so that is really why we're here today, why we care about this and why we have announced a cyber solutions alliance in u.s. public sector which we put together just last month. and the first solution in that, actually, was record-breaking packet capture solution with a small companied called impulse technologies. so we're bringing companies together to address the cybersecurity challenges that are at the intersection of big data and cybersecurity, cloud and cybersecurity, mobility and cybersecurity. so thank you for being here today, and thank you for everything that you do to secure the nation's mission and cybersecurity, and have a great day. [applause] >> thank you, trisha. now, at government executive media grouping our focus is on the executive branch senior leadership. we have a large portion as

subscribers, and, you know, secretary napolitano alluded to it's not just an issue, cybersecurity's not just anish hue for the nation, it's an issue between agencies, it's an issue where the collaboration between private, public and between agencies is most important. so you have our cover story on cybersecurity and what's happening in terms of the government's collaboration with private industry. and our next panel is going to talk a little bit about that. we have two people that we have featured in this our cover story that will be interviewed by aliya sternstein, our reporter who covers for our publication nextgov, and she was recently -- i will embarrass her -- awarded one of the top awards in cybersecurity journalism. today she's going to be interviewing sean henry, the shocker -- the former fbi assistant director of the cybersecurity branch and sean mcgish at verizon who also is

a former federal official in the department of homeland security under janet napolitano. so, please, join me in welcoming them to the stage. prison. >> you're sitting in the middle? >> no, actually you are there and sean -- >> okay. >> and we are very privileged to have two seans here who both were both in the federal government working very intent jobs. this is sean henry of the fbi who is formerly of the fbi, who was their top cyber cybercop. and sean mcgirk was at dhs, and you heard secretary napolitano talk about the center he works add. it's the national cybersecurity and communications integration

center, better known as ncic, and it's a 24-hour, what, combination of a crisis center/think tank? ..

which is also critical infrastructure sector. so the first question i want to ask is how is your perspective on the threat changed going from the federal government to the private sector? >> i don't know that it's changed actually that much, certainly not for the better. it's very interesting in government i've talked a long time about this perception of an iceberg that when you think about a 3-d version of an iceberg, a little tip is above the water, and that waterline is the line of demarcation between what's declassified and was classified, and what most american cities is the tip of the iceberg. if someone lost their credit card, maybe an attack. below the water line is where 90% of the iceberg resides, and that is what we pick up in a classified environment based on intelligence from our partners, former u.s. intelligence

community. i've seen what's below the iceberg from the government side. from the private sector that i actually get to see that now, too, different ways we collect intelligence by get to see the much broader threat that oftentimes is not reported in the media and it's not good. >> you want to elaborate? >> we hear over and again. it almost sounds, it sounds like we're beating this never ending drop, and it just goes on and on. it breaches into u.s. organizations, the threat of research and the phone, intellectual property, corporate strategies is substantial and it's happening across every single piece of infrastructure. it's happening at the biggest countries in the world. it's happening in the smallest companies. it's not just the data. it's the left of data. it is what i believe is one of

the most if not the most significant threat that we face right now. and i just don't see that getting better. and in my new perspective, that's not been changed. that's only been enhanced. >> i would certainly agree with what sean said about, it didn't really change my perspective. it actually broadened my awareness, if anything else. what i come to find out is that not only are we focusing on the exfiltration of data or the removal of intellectual property which is one of the things we focused on in the cyber domain for quite sometime, it's the actual disruption of services. and in some cases the destruction of physical infrastructure that we are seeing as a capability that is being demonstrated in the cyber domain. >> you are seeing the destruction already? >> yes. what we've seen through different elements, different tools that have been released in the wild, the interruption of goods and services and not for the purpose of gaining monetary

advantage or excellent rating property but to disrupt services. the ongoing campaign against the financial sector is not about exporting data from the financial sector but it's about preventing you from being able to do your online banking. so it's to disrupt your way of life and not to remove information. we are seeing that escalate in the cyber domain. what we do in verizon is focus on putting those risk mitigation strategies in place so that we can take those actionable steps. so the government, my role was an outstanding opportunity to learn about what the challenges were, and then to look at higher level capabilities. but then when you get into the private sector you recognize you have to take those actionable steps. that's the transition i made was from that 24/7 365 knowledge development capability, to share information and share knowledge, to actually taking actionable steps to protect the

environment. >> delving into what your seeing a little more, separate the reality from the height. is the power going to go out for a month, is wall street going to go off-line, with exchanges be knocked out, will we lose economic security, who are the people who are capable of doing these things? and to what extent right now? >> so, there are multiple threat actors in this environment. there are criminal organized groups that are targeting the financial services sectors in terms of exfiltration of data. but i think some of the broader threats and the most substantial threats beyond that just the exultation of data is what chandra pretty which is the disruption of data, the denial of access today. there are foreign intelligence services that are aggressively

pursuing, again, across all domains come and there are terrorist groups that are actively advocating attack on the western world. they're calling for digital jihad. they're looking at targeting not only our critical infrastructure through control systems that they're also looking at our financial services sector. there have been videos that have been released where those that are sympathetic to the jihad because of actively called for attacks on the west. and calls the youth to use their electronic capabilities, use their cyber skills to attack the west. this is their call to jihad, they can have an impact on the cause by using their skill set. so it is broadening beyond the 15 year old kid hacking, defacing a website, into a big business for organized crime groups and into cyber tool or a weapon. cyber is the great equalizer. anybody with a $500 laptop and internet connection can attack any network. they are all connected.

so there is 3.2 billion people have an internet connected. the barrier to entry to being an attacker is very, very low. >> right now looking at the risks that are out there, is it more the economic loss, or creating a fear of economic loss? which is worse right now? >> i mean, if you look at, and i think sean colluded to this, the destruction of infrastructure, i'll defer to him on the industrial control system which is his expertise. when you look at risk, the risk of loss of a million credit card, or the risk of a disruption of our critical infrastructure, whether it be water, sewer, transportation, electric power. if that were to happen and the lights were to go out for three days, five days, a week, a month, two months, what is the

impact of the? their social and economic cost but there's also a fiscal cost. there's a threat to life. there's a threat to our existence, quite frankly. >> i do want to emphasize the fact that, and the secretary alluded to those critical infrastructure. one of the challenges we have in the digital domain out is that those 18 critical infrastructures are so interconnected and interdependent that an impact on one infrastructure could have a detrimental or cascading effect on another. one experiments that we conducted in the department early in the industrial control program was what became known as the aurora experiment will use a digital protective circuit to destroy a physical motor generator set. it's analogous to driving down highway at 60 miles an hour and throwing her transmission in reverse. there's going to be detrimental impact that occur. now instead of putting the opera at risk, i can do that remotely via a keyboard and actually cause a critical failure.

the point is regardless of sector, there is a weak element associate with the critical infrastructure. whether it's a power company that relies on water company to provide the services necessary to generate power, it may be very protective but the water company may not. so instead of looking and as sean alluded to, being a very sophisticated advanced capable force, i could be one of those entry-level hackers that uses a commercially available exploitation tool and launch it against an industry without actually having a desired consequence known up front, but it's the unintended consequences of unintended consequences of impacting that network environment that could cause that failure. so it's not, again at first we thought it took a very advanced level of awareness and understanding, but we see time and time again and the cyber physical domain the unintended consequences of interest in. and in some cases they had no idea what network they were on,

but it still impacts operations. when the impact operations, odyssey you impact the goods and services necessary to sustain our way of life. >> i would think interrupting the transportation sector would have a very big ripple effect. are you seeing that gets? >> we haven't seen any direct attacks against specific critical infrastructure. a lot of it has to do with unintended consequence. we have seen criminal activity in other areas of the world. there have been active hacks into the trained management systems in poland, for instance. were an individual hakkinen caused trains to crash. so the capability is there to the demonstrated capability is there. stuxnet is an example of what you can do with demonstrated capability once you have access to a network, and that's really the issue now, we always thought that we as a security through obscurity model. no one knew what the networks were so we were not too worried about a banana in this

interconnected environment the information is there. the exploitations are there so we have the risk it and then all we have to see is some demonstrate the desire to do so. >> now, shame and secretary napolitano talked a bit about the legislation that congress was unable to send over to the president for a multiple variety of reasons. and now the white house is very likely going to be issuing an executive order, uncertain whether industry will take to that. so what do you think are the easiest, least controversial policies that can either be passed in the next congress, or regulated without upsetting to many people that would actually have an effect and minimize the threat? >> what are you looking at me for? that's a hot potato.

i'll start off by saying that the challenge that we have is, especially in the cyber domain, there is no one size fits all approach. when you look at those 18 critical infrastructures that the secretary referred to, something that could fundamentally fix the energy sector could fundamentally break the chemical sector, or the water sector. so we look at it as providing that cybersecurity regulation, if you will, there is no same entity that regulates every chemical covered, water company, power company, financial services sector in the united states. so there's no single element that does that. so to provide, to take that same that train and try to apply to the cyber world actually failed to recognize the difference in the various communities in the various sectors. in the telecommunications sector where verizon sets and also in the i.t. sector, as we straddle both sides, sometimes we have capability in one area based on

our current authorities from regulations, and sometimes weird limitations, for very good reasons. so to be able to apply a very broad brush would be difficult. that being said i think it's important to focus on providing the protections for industry to take the necessary steps to incentivize behavior as opposed to punish noncompliance. compliance is a floor, not a ceiling. it is not going to get us to security. it will enable those processes that enhance security but it doesn't guarantee security. so we have to look at that and we also have to look at enhancing and protecting the sharing of information between the private sector and federal government. so that the private sector is not being held accountable or responsible for the value of the information that is being shared, and how it's going to be used in the future. and vice versa. the government often come at it myself when i was in dhs, criticized the lack of information coming from the private sector. on the p